I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full of t-shirts. One thing I never would have predicted owning was a Tripwire-branded face mask to protect me from a global pandemic. Over the past year, I’ve worn that face mask...

Cybersecurity is one of the fastest-growing fields, not just in computer science but arguably in all industries. What is even more fascinating is that no matter how many newly trained cybersecurity professionals emerge each day, there is still a need for many more. The industry is in dire need of people, not only with the knowledge but also with the...

Previously, we reviewed The Ghidra Book: The Definitive Guide because several of us were working with Ghidra, and it was a topic that made sense. Similarly, we spend a lot of time thinking and talking about Internet of Things (IoT) Security. Whether it is Craig Young winning the first-ever SOHOpelessly Broken contest at DEF CON or the team running...

Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports this. Although I...

Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service in the last year and a half. Each day, approximately 150,000 ransomware samples were analysed by the free VirusTotal service after being submitted by suspicious computer users, and shared with the security community to...

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of...

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via...

Back in early June, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published a fact sheet discussing the rising threat of ransomware to operational technology (OT) assets. This development raises several questions. Why is ransomware a threat to OT environments? And what can organizations do to protect their OT assets against...

Ada Lovelace Day is October 12th, celebrating women in STEM, which includes cybersecurity! Every year, the holiday does end up being a history of computing, as Ada was composing what we’d now consider the software for a theoretical first computer that had not been built. But that was in the 1840s. What are women doing today? Have you heard of...

I’m happy to announce that arrangements have now been finalized for the Tripwire team to return for the Tripwire VERT Hack Lab at the MTCC! We will be bringing some new hardware devices as well as a new virtualized hack target. This new virtual target, an ASUS DSL modem with recent firmware, can be compromised by applying the tools & methods we’ve...

Back in the early days of networking, many companies assigned all of the responsibilities to anyone who showed any aptitude towards operating a computer. In many companies, this was an accountant or someone else who also managed sensitive financial information. The assumption was that the person managing the corporate books was the most trustworthy...

Organisations who find their networks hit by a ransomware attack may soon have to disclose within 48 hours any payments to their extortionists. That's the intention of the Ransom Disclosure Act, a new bill proposed by US Senator Elizabeth Warren and Representative Deborah Ross. Ransomware victims are not currently required to report attacks or...

Tripwire's September 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, Linux, and Confluence. First on the patch priority list this month are patches for the Linux kernel (CVE-2021-3490) and Confluence Server and Data Center (CVE-2021-26084). Exploits for these vulnerabilities have been recently added...

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control...

Canopy was advertised to me through my child’s school. The company offers a multi-platform parental control app claiming various abilities to limit and monitor use of protected devices. Access to Canopy is billed monthly and includes a compelling list of features for concerned parents: From: https:...

It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became our primary business location, it all became very personal. I once worked at a company that prohibited me from offering personal...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly reviewing the news for interesting stories and developments in the cybersecurity world. Here’s what stood out to us during the week of September 27, 2021. We’ve also included the comments from a few folks here at Tripwire VERT. REvil Ransomware Group Goes...

What is your organization’s approach to security events? For many organizations, each security alarm is treated with the same urgency as a fire. While a sense of urgency is good, the ensuing panic that occurs is not a recipe for longevity. The constant shifting of attention from one emergency to the next is fatiguing; it can often lead to mistakes...

REvil is one of the most notorious ransomware groups in the world. Also known as Sodin and Sodinokibi, REvil has made a name for itself extorting large amounts of money from businesses, operating as a ransomware-as-a-service (RAAS) business model that sees it share its profits with affiliates who break into networks and negotiate with victims on...